Skip to main content

The vulnerability knowledge store

Project description

Patton - The vulnerability knowledge store

Current version

0.0.4

Project site

https://github.com/bbva/patton-server

Issues

https://github.com/bbva/patton-server/issues/

Documentation

https://patton-server.readthedocs.org/

Python versions

3.6 or above

How it works

patton-server is a small service that preprocess CVEs and CPEs from NIST and perform intelligent queries to a postgres database. You can consume the service via api, cli or with the postman in this repository.

diagram

You can see the Demo video for a quick start:

diagram

What’s Patton Server

Patton server is project that store the vulnerability information (CVEs) and link it with product details (CPE) and allow to ask in a very clever way.

For example:

Finding library vulnerabilities

  • Given a software library in raw format, i.e: django

  • And a version in a possible version, i.e: 1.2

Patton can find all the Product Identification for Django and their public vulnerabilities.

Finding software from raw text

  • Given a HTTP server banner, i.e: “Apache 2.2-ubuntu2 +PHP Mod”

Patton can find, with a very exact way, vulnerabilities for Apache and the specific version

What’s the different with other projects?

There’re other project, like CVE Search that also stores CVE information. What’s is the difference then with Patton?

Clever matching

Differing with the approach of CVE-Search (and other projects) Patton don’t need a CPE as input. Patton deduces the CPE.

The actually Patton purpose is build clever queries and deduce information. Por example: from a library name and their version, can deduce the related CPEs and associated CVEs.

Be updated

Patton can alert you when new vulnerabilities are released:

You can configure the Patton web-hook and it will alert you with ONLY with new vulnerabilities published.

How to use Patton server?

Patton serve has a REST API. You can check if in different ways:

  • Using raw curl / wget / [YOUR FAVORITE HTTP CLIENT]

  • Using the Postman collection you can find in this repo (named patton_server.postman.json)

  • Using Patton-cli (https://github.com/bbva/patton-cli/: We recommend to use this way. Patton-cli is a powerful client for Patton server that allow to extract and check vulnerabilities for your systems in a many different ways.

Documentation

Go to documentation site: https://patton-server.readthedocs.org/

Contributing

Any collaboration is welcome!

There’re many tasks to do.You can check the Issues and send us a Pull Request.

Also you can read the TODO file.

License

This project is distributed under Apache 2 license

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

patton-server-0.0.4.post11.tar.gz (19.1 kB view details)

Uploaded Source

File details

Details for the file patton-server-0.0.4.post11.tar.gz.

File metadata

File hashes

Hashes for patton-server-0.0.4.post11.tar.gz
Algorithm Hash digest
SHA256 cca4ae875bcdda3a89f6d04fc4b5c9fe89e13ae994357cfa7c75af34c81e3114
MD5 c05b3e8d9dcca5bafebcfc7291264f8f
BLAKE2b-256 dc7d9ab7e02edd2934046ea31a0345434641283667dbf5216096ac1df65b4722

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page